- Experience: 5–7 yrs
- Salary: —
- Openings: 1
- Posted: 2 weeks ago
- Work mode: In office
- Education: Master's degree or certifications like PMP, CIPT, or CIPP preferred
- Eligibility: This role is open to individuals with a strong educational background in healthcare, compliance, or privacy, preferably holding a master's degree or relevant certifications. Candidates should have 5-7 years of experience in compliance, risk management, or operations within regulated industries like…
- Resume: Required to apply
Job description
About Dario
At Dario, every day presents a new chance to make a positive impact. Our mission is to simplify better health, and our dedicated employees contribute to this goal daily, assisting hundreds of thousands worldwide in enhancing their well-being. We seek enthusiastic, intelligent, and cooperative individuals eager to pursue a meaningful and impactful career.
Job Overview
The Compliance & Privacy Manager at Dario Health is responsible for ensuring the organization's adherence to all regulatory mandates and internal policies. This involves managing compliance structures, monitoring operational workflows, and overseeing audit processes. The role requires close collaboration with various departments to minimize risks, protect sensitive information, and foster ongoing improvements in compliance practices.
Key Responsibilities
- Contribute to governance, risk, and compliance analysis to establish programs that ensure the security and regulatory compliance of personnel, systems, applications, and third-party vendors.
- Partner with cross-functional teams, including Legal, IT, and Product departments, to pinpoint and mitigate compliance-related risks.
- Support internal and external audits by assisting with preparation, facilitating the process, and managing the follow-up on corrective actions for frameworks like SOC 2 and HITRUST.
- Administer security awareness and compliance training initiatives to educate employees on relevant policies, regulations, and best practices.
- Oversee the management of third-party risks and vendor compliance, ensuring thorough due diligence and adherence to contractual obligations.
- Maintain precise records and generate reports on compliance activities, encompassing risk assessments, incident response procedures, and audit outcomes.
- Develop, implement, and update privacy policies and procedures in accordance with federal and state laws, ensuring DarioHealth's handling of Protected Health Information (PHI) meets all regulatory standards.
- Conduct privacy risk assessments and related compliance monitoring activities to proactively identify and address potential vulnerabilities in the management of patient and user data.
- Ensure adherence to frameworks such as GDPR, UK Data Protection Act, and U.S. state privacy laws, addressing the rights of users in the EEA, EU, UK, and other regions with similar privacy regulations, including their rights to access, restrict, and manage their personal data.
Requirements
- A strong academic foundation in healthcare, compliance, or privacy is essential; a master's degree or professional certifications like PMP, CIPT, or CIPP are highly desirable.
- Possess 5 to 7 years of professional experience specifically in compliance, risk management, or operations within highly regulated sectors, such as healthcare or healthtech.
- Demonstrate familiarity with key laws, regulations, and frameworks including HIPAA, GDPR, CPRA, ISO 13485/27001, HITRUST, NIST, and SOC 2.
- Prior experience in IT Auditing, particularly with SOC 2 and HITRUST, is strongly preferred.
- Exhibit exceptional organizational capabilities and adept problem-solving skills.
- Proven ability to lead cross-functional teams and drive the successful execution of compliance initiatives.
- Possess strong communication and interpersonal abilities to effectively engage with stakeholders and conduct training sessions on compliance matters.
Diversity and Inclusion
DarioHealth champions diversity in thought, culture, and background, fostering a connected team environment. We believe that each team member enhances our diversity by bringing unique perspectives to understanding and engaging with the world, identifying challenges, and developing innovative solutions. We are committed to building and maintaining inclusive and equitable workplaces for all individuals and do not discriminate against any employee or job applicant.